cve/2024/CVE-2024-10977.md

### [CVE-2024-10977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977)
![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Less%20Trusted%20Source&color=brighgreen)

### Description

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application.  For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results.  This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text.  Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/adegoodyer/kubernetes-admin-toolkit
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/pedr0alencar/vlab-metasploitable2
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-10977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10977)`
			`![](https://img.shields.io/static/v1?label=Product&message=PostgreSQL&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=17%3C%2017.1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Less%20Trusted%20Source&color=brighgreen)`

			`### Description`

			Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/adegoodyer/kubernetes-admin-toolkit`
			`- https://github.com/lekctut/sdb-hw-13-01`
			`- https://github.com/pedr0alencar/vlab-metasploitable2`